Firewall Wizards mailing list archives
Re: Cisco PIX - "Allow inbound IPsec sessions to bypass interface access lists"
From: Michael Tewner <tewner () gmail com>
Date: Sun, 24 May 2009 08:03:08 +0300

Thanks Eric - That seems to be what I was missing. By creating a new Group Policy, I can make this transition one tunnel at a time, instead of creating all the rules I *THINK* I'll need, moving to interface ACLs, and praying for the best....

Thank you Paul and Farrukh for your informative answers!

-Mike

On Sat, May 16, 2009 at 10:37 PM, Eric Gearhart <eric () nixwizard net> wrote:
> Sorry I accidentally sent that last email prematurely... anyway under "Default Group Policy" if you click manage there should be a "DfltGrpPolicy."
>
> You can create your own custom Group Policy for this tunnel, and specify a filter for this group policy. The filter you select is just an extended access list, and your "source" is the remote network from your VPN peer, "destination" is your local networks on your local ASA.
>
> Here's the obligatory Cisco link that explains all this:
> http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9a87.shtml
>
> --
> Eric
> http://nixwizard.net
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () listserv icsalabs com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
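
For the one-tunnel-at-a-time transition discussed in this thread, the following added example (not code from the thread or from Cisco) audits an ASA running-config and reports, per LAN-to-LAN tunnel-group, which group policy and `vpn-filter` ACL apply, so tunnels still without a filter stand out. The sample config, its policy and ACL names, and its addresses are constructed; the parser assumes ASA 7.x/8.x syntax and reads only the `access-list`, `group-policy ... attributes`, and `tunnel-group` statements shown.

```python
import re
# Constructed sample of an ASA running-config; every name and address is made up.
SAMPLE_CONFIG = """\
access-list PARTNER-A-IN extended permit tcp 192.0.2.0 255.255.255.0 10.1.1.0 255.255.255.0 eq 443
group-policy GP-PARTNER-A internal
group-policy GP-PARTNER-A attributes
 vpn-filter value PARTNER-A-IN
group-policy GP-PARTNER-C internal
group-policy GP-PARTNER-C attributes
 vpn-filter value MISSING-ACL
tunnel-group 198.51.100.10 type ipsec-l2l
tunnel-group 198.51.100.10 general-attributes
 default-group-policy GP-PARTNER-A
tunnel-group 198.51.100.20 type ipsec-l2l
tunnel-group 198.51.100.30 type ipsec-l2l
tunnel-group 198.51.100.30 general-attributes
 default-group-policy GP-PARTNER-C
"""

def audit_vpn_filters(config):
    """Return {tunnel-group: (group policy, filter ACL or None, status)}."""
    acls = set(re.findall(r"^access-list (\S+) extended ", config, re.M))
    tunnels = re.findall(r"^tunnel-group (\S+) type ", config, re.M)
    filters, policies = {}, {}
    section = None  # (kind, name) of the block that indented lines belong to
    for line in config.splitlines():
        if m := re.match(r"group-policy (\S+) attributes", line):
            section = ("gp", m.group(1))
        elif m := re.match(r"tunnel-group (\S+) general-attributes", line):
            section = ("tg", m.group(1))
        elif not line.startswith(" "):
            section = None  # any other top-level command closes the block
        elif section and section[0] == "gp":
            if m := re.match(r" vpn-filter (?:value (\S+)|none)", line):
                filters[section[1]] = m.group(1)  # None for "vpn-filter none"
        elif section and section[0] == "tg":
            if m := re.match(r" default-group-policy (\S+)", line):
                policies[section[1]] = m.group(1)
    report = {}
    for tg in tunnels:
        gp = policies.get(tg, "DfltGrpPolicy")
        # A policy with no vpn-filter line inherits the DfltGrpPolicy setting.
        acl = filters[gp] if gp in filters else filters.get("DfltGrpPolicy")
        status = "unfiltered" if acl is None else "filtered" if acl in acls else "acl-undefined"
        report[tg] = (gp, acl, status)
    return report
if __name__ == "__main__":
    for tg, (gp, acl, status) in audit_vpn_filters(SAMPLE_CONFIG).items():
        print(f"{tg:15} {gp:14} {acl or '-':14} {status}")
```

A tunnel reported as `unfiltered` has no `vpn-filter` from its own policy or from DfltGrpPolicy, so with the bypass option enabled nothing restricts its inbound traffic.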
Current thread:
- Cisco PIX - "Allow inbound IPsec sessions to bypass interface access lists" Michael Tewner (May 13)
- Re: Cisco PIX - "Allow inbound IPsec sessions to bypass interface access lists" Farrukh Haroon (May 14)
- Re: Cisco PIX - "Allow inbound IPsec sessions to bypass interface access lists" Paul Melson (May 14)
- Re: Cisco PIX - "Allow inbound IPsec sessions to bypass interface access lists" Eric Gearhart (May 17)
- Re: Cisco PIX - "Allow inbound IPsec sessions to bypass interface access lists" Eric Gearhart (May 17)
- Re: Cisco PIX - "Allow inbound IPsec sessions to bypass interface access lists" Michael Tewner (May 24)